CVE-2024-54189

7.8 HIGH

📋 TL;DR

A privilege escalation vulnerability in Parallels Desktop for Mac allows attackers to write to arbitrary files by exploiting hard links during snapshot creation. This could enable local attackers to gain root privileges on the host system. Only users running the affected version of Parallels Desktop on macOS are impacted.

💻 Affected Systems

Products:
  • Parallels Desktop for Mac
Versions: 20.1.1 (build 55740)
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Parallels Desktop with snapshot functionality enabled and a user with local access to the macOS host.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full root compromise of the macOS host system, allowing complete control over the machine and all virtual machines.

🟠 Likely Case

Local privilege escalation from a standard user to root on the macOS host, enabling installation of persistent malware or access to sensitive data.

🟢 If Mitigated

Limited impact if proper access controls and monitoring are in place, potentially detected before full exploitation.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring access to the host system.
🏢 Internal Only: HIGH - Malicious insiders or compromised user accounts could exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the snapshot process timing. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version (beyond 20.1.1 build 55740)

Vendor Advisory: https://kb.parallels.com/en/130010

Restart Required: Yes

Instructions:

1. Open Parallels Desktop.
2. Go to Parallels Desktop menu > Check for Updates.
3. Install available updates.
4. Restart Parallels Desktop and affected virtual machines.

🔧 Temporary Workarounds

Disable snapshot functionality (applies to: all)

Temporarily disable the snapshot feature to prevent exploitation.

Restrict user access (applies to: all)

Limit Parallels Desktop access to trusted users only.

🧯 If You Can't Patch

  • Restrict Parallels Desktop to trusted users only
  • Monitor for unusual file system activity and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Parallels Desktop version in About Parallels Desktop. If the version is 20.1.1 (build 55740), the system is vulnerable.

Check Version:

Open Parallels Desktop > Parallels Desktop menu > About Parallels Desktop

Verify Fix Applied:

Verify that the version shown in About Parallels Desktop is newer than 20.1.1 (build 55740).
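The manual version check above can be scripted for fleet-wide inventory. The script below is an added example, not part of this advisory or of Parallels' own tooling; it assumes the app sits at the default /Applications path and that Info.plist's CFBundleShortVersionString holds the version (e.g. 20.1.1) and CFBundleVersion the build number (e.g. 55740). The comparison functions take plain strings, so they can be exercised on any host.

```shell
#!/bin/sh
# Added example: flag hosts still running the Parallels Desktop build this
# advisory names as vulnerable (20.1.1 build 55740). Assumptions: default app
# path; CFBundleShortVersionString = version, CFBundleVersion = build number.

VULN_VERSION="20.1.1"
VULN_BUILD="55740"
APP_PLIST="/Applications/Parallels Desktop.app/Contents/Info.plist"

# Keep only digits, so "55740", "(55740)" and "build 55740" all become "55740".
normalize_build() {
  printf '%s' "$1" | tr -cd '0-9'
}

# Exit status 0 = exactly the vulnerable version/build, 1 = anything else.
is_vulnerable_build() {
  [ "$1" = "$VULN_VERSION" ] && [ "$(normalize_build "$2")" = "$VULN_BUILD" ]
}

# One-line verdict suitable for an inventory or ticket record.
verdict() {
  build=$(normalize_build "$2")
  if is_vulnerable_build "$1" "$2"; then
    printf 'VULNERABLE: Parallels Desktop %s build %s matches CVE-2024-54189\n' "$1" "$build"
  else
    printf 'NOT MATCHED: Parallels Desktop %s build %s is not the advisory build; confirm against the vendor advisory\n' "$1" "$build"
  fi
}

# Read version and build from the installed app; status 1 when absent/unreadable.
installed_version_build() {
  [ -f "$APP_PLIST" ] || return 1
  v=$(defaults read "$APP_PLIST" CFBundleShortVersionString 2>/dev/null) || return 1
  b=$(defaults read "$APP_PLIST" CFBundleVersion 2>/dev/null) || return 1
  printf '%s %s\n' "$v" "$b"
}

if vb=$(installed_version_build); then
  # Intentional word splitting: "$vb" is "version build".
  verdict $vb
else
  echo "Parallels Desktop not found at $APP_PLIST (or version keys unreadable)"
fi
```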

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes during snapshot operations
  • Privilege escalation attempts in system logs

Network Indicators:

  • None - local attack only

SIEM Query:

Search for process elevation originating from Parallels processes, or for unusual file system modifications made by Parallels services.
